Authentication configuration

The root Authentication Configuration node can have one attribute.

Attribute Description
Conceal IPS Authorized Apps Secret Indicates whether the client secret is shown in the IPS Authorized Application InfoViewer. If the value is True, then the Secret field is masked, and the secret is only shown when you add a new authorized app or when you reset the secret for an existing authorized app. The default value is False.

See "Authorized applications" in the Infor Public Sector Agency Personalization Administration Guide.

The Authentication Configuration node has two children: JSON Web Token and OAuth Credentials.

The JSON Web Token has these attributes:

Attribute Description
Access Token Expiration (in Seconds) Number of seconds before the token expires. The default is 600 (10 minutes).
Enable Refresh Token Indicates whether refresh tokens are used.
Refresh Token Expiration (in Seconds) Number of seconds before the refresh token expires. The default is 1200 (20 minutes).
Secret Key Key that will be used to sign the token. This attribute is optional. If not present the agency's encryption key is used instead.

The OAuth Credentials node stores OAuth credentials for Infor Public Sector Rest Services. This node has one or more credential nodes as children. Each credential node has these attributes:

Attribute Description
Consumer Key Consumer key for the credential. Required if you are using the ConfigOAuthCredentialHandler, the IonApiOAuthCredentialHandler, or the PortalOAuthCredentialHandler.
Enabled Indicates whether the credential is enabled.
Handler Type Information Handler that will be used to retrieve OAuth credentials. Specify the namespace (Hansen.Core.Authentication.OAuth), the class, and the assembly (Hansen.Core.Authentication). These handlers are available:
  • ConfigOAuthCredentialHandler

    Credentials are stored in the Authentication configuration.

  • IonApiOAuthCredentialHandler

    Used for integration with Infor ION API. Credentials are stored in the Authentication configuration, but the user is determined by the request header key X-Infor-Identity2.

  • InforCloudSuiteOAuthCredentialHandler

    Used for integration with CSP (CloudSuite Portal) and the ProvisioningService. Credentials are stored in the CORE.ACCESSCONTROL.OAUTHCREDENTIAL table in the Infor Public Sector database.

  • PortalOAuthCredentialHandler

    Used to integrate users via OAuth1.0a in Infor Rhythm for Civics. Credentials are stored in the Authentication configuration, but the portal user is determined by the request header key X-ips-portal-identity.
IPS User Name Infor Public Sector user name that will be used for OAuth requests. Required if you are using the ConfigOAuthCredentialHandler.
Name Name of the credential.
Priority Priority of the credential handler.
Provider Name Name of the OAuth provider that Rest Services will use. Can be set to oauth1a or portaloauth1a. Required if you are using the PortalOAuthCredentialHandler. The default for PortalOAuthCredentialHandler is portaloauth1a.
Secret Secret to use for OAuth authentication. Required if you are using the ConfigOAuthCredentialHandler, the IonApiOAuthCredentialHandler, or the PortalOAuthCredentialHandler.

The Portal node, a child of the OAuth Credentials node, can have one child Membership node. The Membership node has one attribute:

Attribute Description
Automatically Create Indicates whether a membership record will be created automatically if one doesn't already exist. This is used for SSO.